Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 138s
max time network: 220s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/04/2024, 10:06
Static task: static1
Behavioral task: behavioral1
  Sample: FL_Studio_21.2.3_Build_4004.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: FL_Studio_21.2.3_Build_4004.exe
  Resource: win10v2004-20240226-en
General
Target: FL_Studio_21.2.3_Build_4004.exe
Size: 987.8MB
MD5: 69a586f5beb04b717624879e01104ec2
SHA1: 7d779dc7713fda36250817ef776ffb2c468fb142
SHA256: 640a39669277a32fca4ebc639493a81aa5bdfdbd09587b48d59a6fcce65f1700
SHA512: b93d63681a1b35f0e1494b7c9217b4ee3c690db8383d524d289554e0a2a1d0a8b7fd21a68c6a65de6f01c823d3bb233b72836dd2f7d0f1a6f94e4953896bac06
SSDEEP: 25165824:ZuQ6hGbitDF718x3unBPnEDXxrQSLP41V4sVvqXMu4HvwS:H3bitDFxKXx8SLodgMx
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation
  Process: FL_Studio_21.2.3_Build_4004.exe

Executes dropped EXE (1 IoC)
  pid: 4656
  Process: FL.Studio.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (1 IoC)
  pid: 4656
  Process: FL.Studio.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2932 wrote to memory of 4656 | 2932 | FL_Studio_21.2.3_Build_4004.exe | 96
  PID 2932 wrote to memory of 4656 | 2932 | FL_Studio_21.2.3_Build_4004.exe | 96
  PID 2932 wrote to memory of 4656 | 2932 | FL_Studio_21.2.3_Build_4004.exe | 96
Processes
C:\Users\Admin\AppData\Local\Temp\FL_Studio_21.2.3_Build_4004.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\FL_Studio_21.2.3_Build_4004.exe"
  PID: 2932
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\RarSFX0\FL.Studio.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\RarSFX0\FL.Studio.exe"
    PID: 4656
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 623.9MB
  MD5: 71b94cf3651ee4c5ceaa50ef341a82a6
  SHA1: 320327c3daba0f9f2c7690d2ad3116a2dbb9a59f
  SHA256: 2bb8fd59999cbc4a6064c81384c0c3a97d73d80c0a710be9aaf3d5eda1884fef
  SHA512: 4d5e6b1e5c18507a39a6c535c593c72e1c320930291c09aaa3257facd7c1ddba3766e264a4b7b88a61afe28e17c6f60b82969f95442896f472419f673de18e3f

Filesize: 611.2MB
  MD5: fec77c3c58474582bb45d77bc638cbb1
  SHA1: 900f10ddbdf06525d6e185ed204439c0e7eee874
  SHA256: a085eaf4916e92069870202597394842ee1ac28789e58327f324d4f2139cd2ba
  SHA512: a2cf911c32aa23e9a4b0ba0685db2c9dfc29440f1e55342db5ea23a82f34f7714540a7dc18b62b2744d8570e6e21b16a8adf0a13b222bf237e102649fcb31a5b

Filesize: 829.1MB
  MD5: 0ebea480e66c87ab22efd97aa3b4d686
  SHA1: 4dc64e1805d364ec5bb54b297da50ba299772962
  SHA256: d12199543e459523837d466d799abd2b33ab32b1ff87e64599ca80908ee41b46
  SHA512: 255f293303266242bcaf515ee88187861a40be031a1c746ddc7dde9f4a7cf403025d8c1c1b31b93b62f24541fdb6241b0ff88326573f1ad13a551bd11b340cf3